Analysis
max time kernel: 135s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/05/2023, 20:10
Static task: static1
Behavioral task: behavioral1
  Sample: 0ea4bb1bfa8334903ab7b7278c919d3aad4338ce33d366a09833c7e5d2dab859.dll
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 0ea4bb1bfa8334903ab7b7278c919d3aad4338ce33d366a09833c7e5d2dab859.dll
  Resource: win10v2004-20230221-en
General
Target: 0ea4bb1bfa8334903ab7b7278c919d3aad4338ce33d366a09833c7e5d2dab859.dll
Size: 96KB
MD5: de4e7f7aa6307c847899191c3c9ddfa3
SHA1: 887e3e8a4bc310bdcef9f3489f8ad87ea9d4f3b3
SHA256: 0ea4bb1bfa8334903ab7b7278c919d3aad4338ce33d366a09833c7e5d2dab859
SHA512: 2b2504a3d8f47a5b0b47e8cd8d3667f0c82abbeb54ae50f935226fca454b1c3739a4a47d6f1334d1e67d1083dfb6e87901d87764cf72e436a76bff769f7aba68
SSDEEP: 1536:EJ2Nch1WZ4Hj6wwQIF9RCKEVAYXBoUVoItkOqb:EJCzyHj6P90K0xoUVoBzb
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4376 wrote to memory of 444 | 4376 | rundll32.exe | 81
PID 4376 wrote to memory of 444 | 4376 | rundll32.exe | 81
PID 4376 wrote to memory of 444 | 4376 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea4bb1bfa8334903ab7b7278c919d3aad4338ce33d366a09833c7e5d2dab859.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4376
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea4bb1bfa8334903ab7b7278c919d3aad4338ce33d366a09833c7e5d2dab859.dll,#1
    PID: 444